MindTodo Privacy Policy
Effective Date: October 9, 2025
Last Updated: February 12, 2026
1. How We Use Your Information
MindTodo processes personal information for the following purposes only. We will not use your data for any other purpose without obtaining your prior consent.
a. Service Delivery
- Providing mind map creation and editing features
- Providing task (todo) management and notification features
- Providing cross-device data sync and real-time collaboration (when signed in)
b. Account Management
- Identity verification and authentication via social sign-in (Apple, Google)
- Session management and fraud prevention
c. Service Improvement
- Analyzing usage patterns to improve the service (Firebase Analytics)
- Error detection and app stability improvements
d. Advertising
- Displaying non-personalized ads through Google AdMob
2. Information We Collect
MindTodo can be fully used without signing in. Sign-in is optional, and the information we collect varies depending on whether you choose to sign in.
a. Without Sign-in (Local Only)
- Mind map data (nodes, connections, layouts, drawings) — stored on device only
- App settings (language, color palette) — stored on device only
- Notification schedules (task due dates, reminder times) — stored on device only
b. With Sign-in (Additional Collection)
- Name and email address (provided by your Apple or Google account)
- Profile image URL (provided by social sign-in provider, optional)
- Social sign-in provider account ID and authentication tokens
- Mind map data — stored on our servers for cross-device sync
c. Automatically Collected
- Device information and app usage events (Firebase Analytics)
- Error logs and app stability data
- Ad interaction data (Google AdMob)
- IP address and User-Agent (included in session records when signed in)
3. Data Retention and Deletion
a. Local Data
- Mind map data, settings, and notification info are stored in on-device storage (AsyncStorage).
- Authentication session cookies are securely stored in the device's encrypted storage (SecureStore).
- All local data is automatically deleted when you uninstall the app.
b. Server Data (Signed-in Users)
- User account information and synced mind map data are stored in a Cloudflare D1 database.
- Real-time collaboration data is temporarily stored in Cloudflare Durable Objects.
- Session information is retained for up to 30 days and automatically deleted upon expiration.
- When you delete your account, all user data, sessions, linked social accounts, and synced mind maps are permanently and immediately deleted.
4. Third-Party Services
MindTodo does not sell or provide your personal information to third parties. However, we use the following third-party services to operate the app:
| Service | Purpose | Data Shared |
|---|
| Firebase Analytics (Google) | App usage analytics | Device info, usage events, screen views |
| Google AdMob | Ad display | Device identifiers, IP address, ad interactions |
| Apple ID | Social sign-in (optional) | Name, email |
| Google Sign-In | Social sign-in (optional) | Name, email, account ID |
| Cloudflare | Server infrastructure (API, DB, real-time collaboration) | Account info, synced mind map data |
Only non-personalized ads are displayed. On iOS, we request App Tracking Transparency (ATT) permission separately. If you decline, only privacy-preserving ads are shown.
5. Security Measures
a. Local Data Security
- Authentication session data is securely stored in the device's encrypted storage (SecureStore)
- Mind map data is stored in the app's internal storage (AsyncStorage), inaccessible to other apps
b. Network Security
- All communication with our servers is encrypted via HTTPS/WSS (TLS)
- Session-based authentication prevents unauthorized access
- WebSocket connections for real-time collaboration are authenticated
c. Server Security
- Serverless architecture based on Cloudflare Workers for enhanced infrastructure security
- Session expiration management (30-day validity, renewed every 24 hours)
- Complete and immediate data deletion (cascade delete) when an account is deleted
6. Your Rights
You have the following rights regarding your data:
- Delete your account in app settings to permanently erase all server data
- Uninstall the app to delete all local data
- Sign out to stop data sync and collaboration
- Directly manage and delete your mind maps and tasks
- Change App Tracking Transparency (ATT) permissions in iOS Settings
- Change notification permissions in your device settings
- Change app settings such as language and color palette
7. Contact Us
- Privacy Team: MindTodo Development Team
- Email: contact@snap-tool.com
8. Changes to This Policy
This Privacy Policy is effective as of February 12, 2026. If we make changes to reflect legal requirements or service updates, we will notify you at least 7 days before the changes take effect.